Best practice in the cloud: an introduction - Cloud

Best practice in the
cloud: an introduction
Using ITIL® to seize the opportunities
of the cloud – and rise to its challenges
Michael Nieves
AXELOS.com
© AXELOS 2014
White Paper
April 2014
Contents
1Introduction
3
2
The ITIL service lifecycle
6
3
What does cloud computing mean for ITSM?
7
4
Management of cloud computing through the ITIL service lifecycle
11
5
Conclusion: taking best practice to the cloud
17
References17
About the author
17
Reviewers18
Acknowledgements18
Trade marks and statements
© AXELOS 2014
18
Best practice in the cloud: an introduction
3
1 Introduction
The purpose of this white paper is to introduce the challenges of managing an IT environment in a cloud
setting. It identifies the benefits of cloud computing and the potential unintended consequences – and
how ITIL provides the foundations for best practice in a cloud environment.
This paper is intended for:
●● IT service management (ITSM) professionals already using ITIL in a cloud environment
●● ITSM professionals who understand ITIL and its benefits, and want to adopt and adapt ITIL for their
cloud requirements
●● IT service providers consuming cloud services
●● Cloud service providers.
1.1 USING A BEST-PRACTICE APPROACH FOR THE CLOUD-ENABLED FUTURE
The advent of cloud computing models is one of the hottest topics in enterprise IT, and arguably in
business as a whole.
By enabling organizations to source IT services, infrastructure and applications on a flexible pay-per-use
basis, and to provision and retire them as appropriate in line with changing business volumes and
needs, cloud computing opens the way to major benefits across the organization. These include new
levels of agility, cost variability, responsiveness to change, speed to market and a reduction in overall
lifecycle costs.
A new role for ITSM
Cloud provisioning brings opportunities to maintain and enhance ITSM’s relationship with the business. It
is the responsibility of ITSM to understand the needs of the business and source appropriate services to
meet those needs. ITSM must respond to business needs while simultaneously sustaining the bedrock of
IT security and control, and empowering the organization to innovate faster in response to opportunities
and risks.
Cloud computing can change the role of ITSM within an organization. The role of the service provider
becomes more complex, with ITSM becoming an informed customer acting on behalf of the business.
The attractions of the cloud
The benefits that the cloud presents for ITSM and the organization as a whole mean that many CIOs,
along with other leaders in IT and the business, are eager to adopt cloud models. Rather than making
and maintaining IT services in house, IT wants to procure them externally at a cost that is aligned with
usage. Business units are also attracted by this move to a more flexible and responsive form of IT
provisioning. At its simplest, the cloud means they can order up a service and start using it from Day 1.
The flexibility offered by the cloud enables IT service providers to play a more strategic role in the
business. ITSM has the opportunity to move beyond its traditional focus of cost-cutting and become
revenue-generating – for example, by entering new markets, commercializing innovative products and
services, or offering more compelling customer-value propositions.
IT organizations have begun to apply cloud capabilities in a manner that opens up the opportunity
landscape in areas other than operational excellence. Rather than constraining strategic opportunities,
they are making explicit contributions in areas of product leadership, customer intimacy, operational
excellence and adaptive delivery (see Figure 1). These terms are explained below:
●● Adaptive delivery Focuses on the configuration of services around a product rather than the product
itself (e.g. service offerings at the right time and place, responsiveness to customer urgency). Retail
companies, for example, have gained improved delivery responsiveness in the face of market demand
fluctuations through the application of cloud capabilities.
●● Operational excellence Focuses on optimizing the production and delivery of services or products,
thereby enabling competitive pricing or distinctive capabilities (e.g. improving costs, improving
reliability, optimizing processes, standardizing service).
© AXELOS 2014
4
Best practice in the cloud: an introduction
●● Product leadership Helps strategic business units (SBUs) enhance their customers’ use or application
of their product, thereby making rivals’ products obsolete (e.g. improving products (goods and
services), innovation, rapid commercialization, maintaining an entrepreneurial posture, pursuing new
solutions or markets). Cable companies, for instance, have gained improved product capabilities by
redeploying cable content through commercial cloud solutions.
●● Customer intimacy Focuses on long-term relationships with customers rather than customer
transactions (e.g. meeting demands with greater precision, decentralizing the organization,
segmenting markets). Financial service firms, for example, have encountered the shortcomings of
monolithic operating models (gained through consolidation efforts) delivering similar services to
trading desks as they would to a retail bank, but frustrating both. Through the use of cloud
capabilities, these firms are delivering services more specific to each SBU without surrendering the
cost structures.
Figure 1 The opportunity landscape enabled by cloud computing
The challenges of the cloud
As well as clear benefits, cloud computing presents some challenges. Major corporations have already
experienced some of the risks associated with cloud computing – including infringements to data
regulations, wide levels of data duplication and system conflicts.
Mistakes in putting business services, especially mission-critical services, in the public cloud could result in
major market issues, incidents and downtime, and less reliable services. The ease and speed with which a
vast array of cloud services can be bought and provisioned creates an insidious trap for those organizations
that fail to think through the full implications. Server virtualization is a good example of this.
© AXELOS 2014
Best practice in the cloud: an introduction
5
When virtualization came on the scene, buying it was an obvious and easy choice for most IT functions.
It enabled IT to cut costs by consolidating physical machines into virtual machines – simultaneously
boosting hardware utilization and addressing issues such as server sprawl. Virtualization showed itself to
be a legitimate solution for a set of complex problems.
It seemed like an obvious and simple solution. The drawback, as usual, lay in the immutable law of
unintended consequences. If virtualization was treated solely as a technology issue, it had the potential
– alongside solving some problems – to create a new problem, by adding a further layer of complexity to
every process and function across the organization, from fixing breakages to running helpdesks.
The underlying issue was that, in the rush to virtualize their hardware, many IT organizations had failed
to ask how they would govern and manage the new environment. As a result, they ended up simply
replacing physical server sprawl with virtual server sprawl. So the benefits realized with one hand were
effectively taken away with the other.
Learning lessons
Fast-forward to the expanding wave of cloud services targeting a comprehensive array of organizational
functions, ranging from enterprise resource planning (ERP) to customer relationship management (CRM)
to human resources (HR).
This means taking a holistic view that looks beyond the immediate cost opportunities of the cloud, and
encompasses the need to maintain rigorous management, control and visibility over the full ITSM
lifecycle – whether it’s utilizing cloud services or not. Organizations that fail to do this, and instead think
about the cloud in a narrow and siloed way, will find themselves giving back a lot of the gains through
unforeseen problems around costs, duplicated effort, serviceability, flexibility and availability.
Focusing on the service issues, not just IT
The key to avoiding these pitfalls is to take account of the underlying service challenges and solutions,
not solely those around technology. For a global organization, the business issues that the cloud is used
to address will vary between different areas of the organization – a diversity that serves to underline the
need for a service management-focused approach to delivering and consuming cloud services.
For example, some geographies or divisions may want to use the cloud for CRM, others for ERP
integration, still others for selected business support processes, and some for experimenting with social
media. These activities cannot all be micro-managed by the central business, which would actually
hinder their responsiveness to local business needs. But, without reducing their effectiveness or the
resulting benefits, these diverse cloud programmes can be required to comply with an overarching
management framework that ensures consistency and visibility.
1.2 GOVERNANCE FOR CLOUD COMPUTING
What is governance?
Definition: governance
Ensures that policies and strategy are actually implemented, and that required processes are correctly followed.
Governance includes defining roles and responsibilities, measuring and reporting, and taking actions to resolve
any issues identified (ITIL Glossary).
Governance is the single overarching area that ties IT and the business together, and services are one
way of ensuring that the organization is able to execute that governance. Governance is what defines the
common directions, policies and rules that both the business and IT use to conduct business. Many
ITSM strategies fail because they try to build a structure or processes according to how they would like
the organization to work instead of working within the existing governance structures.
Changing the organization to meet evolving business requirements is a positive move, but project
sponsors have to ensure that any changes are accepted and approved through a defined governance
© AXELOS 2014
6
Best practice in the cloud: an introduction
process. Failure to do this will result in a break between the organization’s governance policies and its
actual processes and structure. This results in a dysfunctional organization, and a solution that will
ultimately fail.
Service governance and management structures
A key component of a cloud architecture is service governance. Service governance defines,
communicates and automates the policies, standards and principles applied to the service provider in
providing cloud services. Governance is defined and enforced through the cloud architecture, financial
management for IT services and service portfolio management. The service strategy phase of the
lifecycle is key in defining the standards, governance, models and content of a cloud architecture.
The game-changing shift to cloud computing means that the ITSM function now, and in the future,
will need to adapt and grow its own best practices, such as ITIL, to enable it to handle the increased
complexity and flexibility that comes with cloud enablement. ITIL provides the best-practice foundations
on which to build cloud capabilities. Organizations can adopt and adapt ITIL best practice to suit
their cloud requirements. Crucially, developing this new type of ITIL-based management is not an
option for IT. Instead, it’s an absolute necessity if ITSM is to maintain its relevance and influence in
the organization.
In a world where any business unit can buy new cloud services at will, there is a real risk of IT being
bypassed and losing relevance. To avoid this disintermediation, ITSM must understand both the
technology itself and the business issues it is being used to address. And ITSM must then go on to apply
this understanding in order to strike the right balance between rigorous management and the nimbleness
that cloud solutions can offer.
To achieve these outcomes, IT will need to create governance and management structures that are
appropriate across all aspects of the environment – including processes and workflows, governance
policies and cloud service evaluation and selection. And it will need to tie these together operationally by
applying capabilities in operating model design.
ITIL is not a complete, ready-made answer for cloud environments. But what ITIL does provide is a
proven framework that can be supplemented and refined with cloud-specific content, thus repositioning
and readying ITSM for the cloud journey.
2 The ITIL service lifecycle
2.1 A PROVEN FRAMEWORK FOR ITSM
Since its initial launch in the UK in the 1980s, ITIL has played a pivotal role in connecting technology
with the management of IT.
ITIL differs from other attempts at codifying IT service management by being grounded in a coherent and
holistic view of IT services. Its aim is to provide practical guidance while explaining the underlying theory
and practice of managing IT services. Written for a wide audience, it lays out the fundamental principles
and processes of a discipline that makes modern life possible.
2.2 THE FIVE STAGES OF THE LIFECYCLE
From its first incarnation, ITIL started out with a recognition that IT organizations accomplish business
outcomes that none of us could achieve alone. The ITIL service lifecycle approach builds on this
foundation by offering a disciplined way of thinking about those outcomes and offering viable guidance
for achieving them.
© AXELOS 2014
Best practice in the cloud: an introduction
Continual
service
improvement
7
Service
transition
Service
strategy
Service
design
Service
operation
Figure 2 The ITIL service lifecycle
The ITIL service lifecycle (see Figure 2) is described in a set of five core publications (Cabinet Office,
2011). Each publication covers a stage in the lifecycle – from the initial definition and analysis of
business requirements in ITIL Service Strategy and ITIL Service Design, through migration into the live
environment within ITIL Service Transition, to live operation in ITIL Service Operation and, finally, to
improvement in ITIL Continual Service Improvement – which surrounds and supports all stages of the
lifecycle.
2.3 USING THE ITIL SERVICE LIFECYCLE IN A CLOUD ENVIRONMENT
ITIL’s rich blend of theory and practice is proving especially valuable and relevant as cloud computing
enters the equation, promising to disrupt and revolutionize the familiar concepts of IT development,
sourcing and governance. ITIL has the proven ability to help IT managers make clear choices – and this
capability to support well-informed decisions will be vital amid the gathering groundswell of change now
being generated by cloud computing.
The right decisions today will lead to the right cloud-based solutions and governance tomorrow – and
ITIL provides the signposts for this journey.
3 What does cloud computing mean for ITSM?
3.1 DEFINING CLOUD COMPUTING
Cloud computing has been defined in many different ways, and approached from a wide variety of
perspectives. The following descriptions of service models, deployment models, characteristics and
actors are commonly accepted terms.
© AXELOS 2014
8
Best practice in the cloud: an introduction
Three service models
●● SaaS: software as a service
●● PaaS: platform as a service
●● IaaS: infrastructure as a service.
Four deployment models
●● Private This cloud infrastructure is operated solely for a specific organization, can be managed by
the organization or a third party, and may be located on-premise or off-premise.
●● Community This type of cloud infrastructure is shared by several organizations and supports a
specific community, perhaps in a geography or industry.
●● Public This cloud infrastructure is made available to the general public or a large industry group, and
is owned by the organization selling cloud services.
●● Hybrid This type of cloud infrastructure is composed of a blend of two or more of the service models
already listed above.
Five essential characteristics
●● On-demand self service
●● Broad network access
●● Resource pooling
●● Rapid elasticity
●● Measured service.
… and five potential actors
●● Cloud consumer A person or organization that maintains a business relationship and uses services
from a cloud provider.
●● Cloud provider A person or organization that makes cloud services available.
●● Cloud broker A supporting role that manages usage, performance and delivery of cloud services, and
negotiates the relationship between cloud providers and cloud consumers. This is the role that ITSM
plays in the cloud environment.
●● Cloud auditor A supporting third party that can conduct independent auditing of the cloud services
and determine the security of the cloud implementation.
●● Cloud carrier An intermediary that provides connectivity and transport of cloud services between
cloud provider and cloud consumer.
3.2 WHAT CLOUD COMPUTING IS NOT
While cloud services draw upon many domains, it is important to avoid conflation with other
computing models.
●● Cloud services are not managed services The managed-services model typically offers a fixed
quantity of resources over a specified time period. Cloud services, in comparison, may be on-demand,
scalable resources for variable durations. The level of assurance that cloud providers offer varies, and
some free options have less assurance than paid-for options.
●● Cloud services are not the same as outsourcing The outsourcing model typically (but not always)
offers a transfer of assets as a fixed quantity. The value focus is often on economies of skill, labour
arbitrage and cost management. Cloud services focus on shared, scalable capacity usually in the
pursuit of alternative value levers.
●● Cloud services do not mean virtualization While virtualization may be a vital building block and
capacity delivery vehicle, cloud services may be offered without virtualization.
●● Cloud computing is not utility computing The utility computing model does not incorporate the
essential attribute of broad network access. In other words, it does not allow for location
independence.
© AXELOS 2014
Best practice in the cloud: an introduction
9
●● Cloud computing doesn’t require traditional self-service Improved alternatives could include an
application programming interface (API) where an application requests capacity, or cloud provider
logic where requests are generated by predefined service level agreements (SLAs) or policies.
3.3 USING THE CLOUD TO INCREASE AGILITY
The ease of adopting cloud services varies between different organizations. For example, an organization
regarded as ‘agile’ in terms of cloud adoption will usually have a number of specific attributes. These
include:
●● A successful track record in striking the right balance between customer needs and organizational
capabilities
●● An ability to manage flexible coordination of resources and service support
●● Speed of execution and market delivery
●● A proven ability to drive continual improvement, supported by great feedback mechanisms
●● A strong long-term reputation in its industry.
An agile organization that has adopted best practice will find that adopting a cloud computing strategy is
an evolution of its current business practices, and will find it easier than other businesses to transform
its service models to respond to the changing consumer by staying focused on service management.
Cloud providers that are less agile or are not already using ITSM best practices will need to transform
themselves quickly to deliver cloud services, and the effort required to execute this transformation may
well prevent them from taking full advantage of current practices.
Three types of service provider are classified within ITIL (Types I, II, III), and customers for cloud
services may adopt a cloud provider strategy that combines the advantages and mitigates the risks of all
three. Such a strategy enables the business to allocate its various needs across the different types of
service provider, based on whichever type best provides the desired business outcomes. When an
organization takes this approach, the value network supporting it cuts across the boundaries of more
than one organization. Regardless of the type of service provider, each solution requires a range of
service management model process and practice elements, in order to manage the services effectively
and measure the value provided to the business customer.
Three types of service provider
Type I: An internal service provider that is embedded within a business unit. There may be several Type I service
providers within an organization. Examples include IT, HR and finance.
Type II: An internal service provider that provides shared IT services to more than one business unit within the
same corporate group. Type II service providers are also known as shared service units.
Type III: A service provider that provides IT services to external customers. These providers are used
predominantly by organizations with flexible and lean operating models.
3.4 MIGRATING FROM ‘TRADITIONAL’ IT TO A CLOUD MODEL
So, what does transitioning from ‘traditional’ IT to a cloud model actually involve? As illustrated in
Figure 3, the first step is the segmentation of IT components into consumable objects. These objects
help the organization to model the delivery of services such as infrastructure, platforms, applications and
processes. These service models become consumable as value networked objects available in private,
public, community or hybrid networks.
© AXELOS 2014
10
Best practice in the cloud: an introduction
Figure 3 The migration from ‘traditional’ IT to a cloud model
Over time, the cloud computing market will evolve and other types of as-a-service model will emerge,
commonly termed ‘XaaS’. Business-process-as-a-service (BPaaS), which doesn’t rely on but can benefit
from cloud computing, is already popular. Furthermore, as mobile devices and virtual desktop
environments evolve, the characteristics for broad network access will evolve with them. Advances in
hardware, including in personal computers, televisions and other devices used for mass media, will
impact the cloud computing ‘value networks’ – defined as complex sets of relationships between two or
more groups or organizations, in which value is generated through exchange of knowledge, information,
goods or services. These advances will further evolve the definition of cloud computing itself.
3.5 THE CHALLENGES OF TRANSITIONING TO THE CLOUD
As customers’ demands on IT increase, IT needs to respond quickly or find itself being bypassed and
sidelined. Customers will not wait on IT – especially when ready-made alternatives exist in the market, in
the shape of external cloud providers from whom they can buy services direct.
No IT organization wants to become optional or lose control of the management of IT resources and
data. And no organization should want this either. The loss of control by IT will increase costs and
eventually lead to governance, risk and compliance issues, which will affect the organization’s ability to
do business. To avoid these outcomes, IT organizations need to focus more on the utilization of IT
services, and accept that users do not want to have to think like IT professionals in order to utilize a
service.
An IT organization that takes these messages to heart will commit itself to making IT services more
consumable and user-friendly based on how each service is consumed. With consumerization of IT
increasingly affecting workplace technology in all its forms, IT needs to anticipate user needs, and
change from being primarily datacentre-focused to more end-user-focused.
3.6 THE BENEFITS OF TRANSITIONING TO THE CLOUD:
HIGHER BUSINESS PERFORMANCE
Many organizations aiming to become higher-performing by improving service delivery and customer
experiences are considering adopting cloud services. If IT can achieve the following, then the impact on
business outcomes will be dramatic:
●● Increased agility – able to deliver new IT capabilities faster
●● Efficiencies resulting in cost savings
●● Innovation in IT delivery
© AXELOS 2014
Best practice in the cloud: an introduction
11
●● Higher speed to market
●● More rapid provisioning of services, applications, capabilities and resources to support business and
IT transformation and change, and better services to customers
●● Moving from a capital expenditure (CAPEX) model to an operational expenditure (OPEX) model
●● Greater elasticity of infrastructure.
When companies and their IT functions embrace cloud computing, they also tend to remove the
constraints on customers. Without having to own specific resources and costs, customers can be freed
up to focus on what they consider to be their core competency, again boosting business performance.
SaaS, PaaS and IaaS services managed by a Type III service provider offer a number of specific
additional benefits on top of those mentioned above. The cloud provider builds, hosts, maintains and
operates the service but the in-house IT department retains overall responsibility for the service. If
delivered and managed correctly, the result is a smaller datacentre, lower CAPEX and resourcing costs,
and a shift in the responsibilities of IT application management staff to duties that add more business
value. The outcomes generally also include reduced total cost of ownership (TCO) and improved returns
on investments in software and IT infrastructure.
Overall, what’s clear is that cloud computing dramatically reshapes the remit, role and responsibilities of
ITSM. We’ll now look at how ITIL can help to position IT to achieve the necessary transformation.
4 Management of cloud computing through the ITIL
service lifecycle
4.1 THE NEED FOR A HOLISTIC AND BUSINESS-ALIGNED APPROACH …
Organizations that do not already apply best practices in ITSM will find that adopting a cloud computing
strategy raises particular challenges around managing cloud computing services. A piecemeal or siloed
approach to cloud computing raises the risk of uncoordinated usage of different cloud services in a
patchwork manner across the organization, leading to increased costs and risk of failure.
Moreover, focusing exclusively on the technical aspects of cloud computing will bring further challenges.
Such an approach risks neglecting the business opportunities and governance challenges that cloud
computing brings, and can ultimately result in an IT environment every bit as complex, costly and hard
to manage as the traditional model that is being replaced.
These risks have already been encountered by some major corporations, which have found their business
units bypassing the IT organization to source third-party cloud computing solutions directly from vendors.
As well as inhibiting cost control, this has resulted in some organizations experiencing infringements to
data regulations, wide levels of data duplication, and even conflicts between systems. So cloud adoption
that initially appeared to represent rapid progress later had to be unwound – requiring the organization to
start again.
At the same time, a top priority across many companies is for IT to engage more effectively and be more
responsive to business units and groups across the organization. To achieve these goals, IT organizations
need to take an optimized approach that centralizes common activities and helps drive rapid
implementation, enabled though standardized, quality-controlled IT procurement processes.
4.2 … PLAYS DIRECTLY TO THE STRENGTHS OF ITIL
ITIL can help organizations meet all these requirements. ITIL provides easily applicable, tried-and-tested
principles, methods and techniques which can be applied to a cloud computing environment, helping
organizations to adapt to cloud computing solutions with the right balance of robust IT management and
cloud-enabled agility. Indeed, many of the ITIL strategies, delivery models and service models are deeply
relevant to cloud computing, with some ITIL processes now being used in more dynamic ways to
accommodate cloud computing more effectively.
© AXELOS 2014
12
Best practice in the cloud: an introduction
4.3 FORMULATING A SERVICE STRATEGY FOR CLOUD COMPUTING
Each organization embarking on the cloud journey needs a clear and explicit strategy for achieving its
cloud adoption vision. The pitfall here is a temptation to rely on ‘expert’ technical judgment without
creating an overall strategy and business plans. It would be very quick and easy for an organization that
currently has an on-premise service to switch to a public cloud service for short-term cost savings,
without undertaking a strategy-formulation process.
As organizations move to the cloud, they may find that their whole service management model changes
– so they need a service strategy that builds on and enhances their special strengths and core
competencies. Considerations for business and IT service continuity management also need to be
applied.
Finally, it is vital not to overlook the importance of people. Success in adopting cloud computing
ultimately depends on how people adapt their thinking and ways of working. People have always been
the most important factor in ITIL adoption – and to be high-performing, an organization should not only
look for people to adhere to processes, but also to be committed to service. Since cloud computing is
new to the organization and transformational in its effects, having people adhere to enhanced processes
may not be enough to improve service performance. Instead, people who are committed to the cloud
and understand the value it delivers to themselves and the organization will be the best advocates
for its adoption.
4.4 BEST PRACTICE ACROSS THE SERVICE LIFECYCLE
We’ll now examine illustrative challenges in cloud adoption throughout the ITIL service lifecycle.
Service strategy
As organizations formulate and then implement their cloud computing strategies, they often find
themselves migrating to an increasingly diverse mix of cloud-based services and private clouds, all
coexisting with on-premise legacy systems. This shift brings with it new organizational, governance and
process challenges.
Continual analysis and evaluation is needed in order to properly manage the evolving ecosystem. New
SaaS options, for example, may be trialled alongside proprietary capabilities. And due diligence around
processes requires greater industrialization, given the potentially increased throughput required and the
fact that not all cloud services are created equal.
Close consideration should be given to the design of the service portfolio; governance and service level
management; and service accounting. The design of the service portfolio to be offered in the service
catalogue should be careful to reflect economic value for the business – in ITIL terms, using the right
resources for the right capabilities for value. Governance considerations should include vendor
management of external suppliers to assure decision support related to leadership in IT. And service
accounting models including pay-as-you-go, quota-based, hybrid and showback should be assessed for
financial transparency and the actual cost and price of the service.
Service strategy processes that require special consideration in a cloud environment are
discussed below.
Financial management for IT services
Financial management for IT services is responsible for managing an IT service provider’s budgeting,
accounting and charging requirements. It provides the business and IT with the quantification, in
financial terms, of the value of IT services. As a result, accounting for spend shifts from being a
combination of capital and operational expenditures, where capital expenditures are depreciated, to
being operational expenditures.
Because the cost of a cloud service comes from an underpinning contract (rather than a calculation
based on actual costs), budgeting for cloud services may seem simpler. However, it can be more
complicated. Budgeting for cloud services can be difficult because the cloud consumer has to predict
usage for the pay-as-you-go model and accept that there may be variances to budgets when usage
doesn’t match forecasts. Budgeting will – of necessity – rely upon information provided by the supplier.
© AXELOS 2014
Best practice in the cloud: an introduction
13
Regulatory requirements may adjust due to services and data storage being supplied by outside entities,
perhaps including some with overseas operations. Enterprise financial policies may not change, but
different policies will be relevant as the accounting for services changes from capital expenses to
operational expenses. Similarly, there should also be no change in the financial inputs coming from other
service management processes, but the amounts from the other processes may see dramatic shifts. For
example, release and deployment management costs should decrease. Inputs from portfolios will change
little, but the importance of the inputs will change considerably.
Service portfolio management
Service portfolio management is the process responsible for managing the service portfolio. The service
portfolio describes the provider’s services in terms of business value and articulated business needs and
the provider’s response to those needs.
In a cloud environment, it’s essential that the IT service provider, as a cloud services consumer, has a
strong service portfolio management process in place. Stronger and redefined process interfaces will be
required, since some process responsibilities might remain under the control of the consumer. In such
cases, interfaces between the respective processes of the consumer and provider will be critical. Also,
the relationship with service level management will require increased visibility when transitioning to the
cloud, both from the perspective of managing the customer’s expectations and also in capturing and
documenting key service-level performance metrics.
Service design
Service catalogue management
A service catalogue is often the point of entry or ‘acquisition portal’ for requesting supporting service
offerings available to the organization. In such cases, a clearly defined service catalogue process is
required for interfacing with cloud suppliers, and for determining the organization’s cloud interfaces and
organizational infrastructure dependencies related to the cloud services.
Capacity management
Capacity management comprises three sub-processes: business capacity management (which is
essential to operate successfully in a cloud environment), service capacity management, and component
capacity management. The purpose of capacity management is to provide a point of focus and
management for all capacity and performance issues relating to both services and resources.
While a cloud-based service may, in theory, be infinitely elastic, there remains a need by the cloud
consumer to ensure optimum resource utilization. While capabilities such as auto-provisioning decrease
the importance of certain elements of capacity planning, there is an increased need for closer interfaces
with financial management for IT services, in order to forecast, monitor and control usage, understand
the costs associated with the various cloud options, and ensure that usage of cloud services is costeffective. Moreover, the capacity planner must continue to understand the relationship of capacity to
patterns of business demand.
Service level management
Service level management potentially requires increased rigour when transitioning from on-premise to the
cloud, both from the perspective of managing the customer’s expectations and for capturing and
documenting key service level performance metrics. Cloud environments are made up of many fulfilment
elements, supporting architectural and infrastructure layers. It is important to make explicit the extent to
which an SLA assurance applies. For example, an SLA may address a technological implementation or
quality of service detail, but not its underlying hosting environment.
Other issues may dictate considerations for documenting appropriate granularity or scope requirements.
For example:
© AXELOS 2014
14
Best practice in the cloud: an introduction
●● Defining non-compliance and its penalties
●● Security and privacy
●● Compliance verification and management
●● Disclosing cross-cloud dependencies
●● Archival and data-replication assurances.
Availability management
The traditional model of availability management is based on the premise that a deployed application is
dependent on the underlying infrastructure for fulfilling assurances of service availability. However, when
applications rely on cloud-based infrastructure, they are seeking to relinquish direct responsibility for the
infrastructure, sometimes negotiating an SLA as a substitute for a level of control.
Increasingly, cloud consumers are applying a ‘design for failure’ model whereby infrastructure availability
is irrelevant to application availability; applications adapt to changes in infrastructure without downtime.
Developers for cloud-based applications assume infrastructure will indeed fail, other applications will fail,
and disasters will happen. Therefore, applications deployed with ‘design for failure’ may not require
SLAs. In these cases, availability management applies an approach for automated recovery from failure.
Service transition
Change management
Change management is responsible for controlling the lifecycle of all changes, enabling beneficial
changes to be made with minimum disruption to IT services.
One of the reasons organizations adopt a cloud model is to free themselves of the burden of planning,
testing and executing upgrades, patches and new features (although cloud consumers will still need to
carry out testing, particularly when integrating cloud services). There is then an expectation that all
changes will occur seamlessly, with no disruption to the service provided.
For those providing cloud services, it is important to remember that the change process still requires
end-to-end management. In shared environments, processes for fast-tracking standard changes and
minor changes without lengthy approval or impact analysis must be in place. There must also be rigid
standards for how change requests are submitted, and for the information that needs to be recorded in
the change record. Assistance is provided here by the standards-based architecture and the number of
automated processes inherent in a cloud model, which will help to improve change controls.
Service asset and configuration management
Asset management is the process responsible for tracking and reporting the value and ownership of
financial assets throughout their lifecycle. Configuration management is the process responsible for
maintaining information about configuration items (CIs) required to deliver a service, including their
relationships.
While the cloud simplifies hardware asset management from a customer perspective, any type of
virtualization and cloud implementation will prove more challenging from a configuration management
and software asset management perspective.
Release and deployment management
Release and deployment management is the process responsible for planning, scheduling and controlling
the deployment of releases to test and live environments, and delivering new functionality required by
the business while protecting the integrity of existing services.
The technical aspects of the release and deployment management role are likely to remain with the
cloud service provider. However, the change enablement elements – such as people enablement,
communication and training – are likely to remain with the customer. However, while the cloud customer
and service provider will be focusing on different aspects, a cloud broker will often work with the
customer and potentially other service providers to ensure integration.
© AXELOS 2014
Best practice in the cloud: an introduction
15
Service validation and testing
This is the process responsible for validation of a new or changed IT service. Service validation
and testing ensures that the IT service matches its design specification and will meet the needs of
the business.
Testing activities require efficient coordination, so that activities executed locally or in the cloud –
whether in sequence or parallel to each other – can achieve common testing objectives. Cloud customer
organizations need to determine whether they will continue to play a pragmatic role in planning,
designing and validating test plans and results, while cloud providers are more likely to focus on
preparing test environments and test data, and providing infrastructure and resources to execute tests.
A cloud provider may not understand the customer’s business needs and expectations from a service
quality perspective. This knowledge gap may increase the risk of the customer transitioning to a service
that does not meet business requirements. It is important to avoid this type of misalignment of
expectations and objectives between the cloud provider and customer – especially since testing is a
complex and multifaceted process, and deeply connected to the quality of service, and customer and
business value.
Service operation
Event management
An event is a change of state that has significance for the management of a configuration item or IT
service. Event management is the process responsible for managing events throughout their lifecycle.
While simple ‘if-then’ type conditions were sufficient to manage event filtering in infrastructure
management before the advent of cloud computing, the move to a cloud environment will force service
providers to re-evaluate events for filtering based on their impacts on application or infrastructure
services. Event correlation and response in a theoretically infinitely scalable environment offers providers
new options for quickly responding to and remedying events. But this change will challenge infrastructure
and application owners to leverage related service management processes such as problem management
more effectively, in order to control the costs associated with the increased flexibility.
Incident management
An incident is an unplanned interruption to an IT service or reduction in the quality of an IT service.
Incident management is the process responsible for managing the lifecycle of all incidents. The purpose
of incident management is to restore normal service operation as quickly as possible and minimize the
adverse impact on business operations, thus ensuring that agreed levels of service quality are
maintained.
After migration to the cloud, the incident process manager will continue to be accountable for closing all
incidents. However, this will be a more challenging task in the cloud environment, with most of the
process activities (and execution of roles) now being outside of their control in the provider organization.
Given this shift, strict alignment with the provider’s incident management process is critical to ensure
accountability. Achieving this becomes especially challenging in public and community clouds (and also
in major providers’ private clouds), since the providers of these have standard SLAs and support models
that might not easily align with the customer’s incident management processes. Moreover, there could be
a mismatch in toolsets and capabilities at the customer side versus the cloud provider. To help avoid and
address such issues, care should be taken that provider solutions are robust enough to provide the
necessary metrics and reports.
Request fulfilment
A service request can be a request from a user for information or advice, for a standard change, or for
access to an IT service. Request fulfilment is the process responsible for managing the lifecycle of all
service requests.
© AXELOS 2014
16
Best practice in the cloud: an introduction
In a cloud environment, the management and execution of service requests is complicated by the need
to interface between the user in the business making the request, the IT function, and the cloud
provider. There is also the possibility that the cloud offering will not contain sufficient flexibility to action
the request, or that the costs of doing so will be prohibitive, so expectations need to be actively
managed.
Problem management
A problem is the cause of one or more incidents. The purpose of problem management is to manage the
lifecycle of all problems, from the first identification through to further investigation, documentation and
eventual removal. Problem management seeks to get to the root cause of incidents, document and
communicate known errors, and initiate actions to improve or correct the situation.
Performing root-cause analysis requires a clear understanding of all the vendors involved in a problem,
and how they impact one another. In a cloud environment this raises several questions. What internal
customer vendor solutions are dependent on the cloud provider, and vice versa? How are those vendors
currently being managed? What agreements are in place in a multi-vendor environment to support the
customer’s overall SLA? What internal operational level agreements (OLAs) are in place that are
dependent on the multi-vendor environment?
Access management
Cloud services call for IT organizations to extend their organizations’ access management processes in
ways that are scalable and effective for both the provider and its customers. One of the major
challenges, for example, is the secure and timely on-boarding and off-boarding of users in the cloud.
Internal processes may need to be adapted and added to based on cloud-specific requirements and
processes. These same organizations should also address authentication-related challenges such as
credential management and authentication (strong and delegated).
Well-designed access management ensures access grants, and segregation of duty enforcement at cloud
providers, are sufficiently integrated to ensure audit and compliance reporting requirements.
Continual service improvement
Continual service improvement (CSI) plays a role in all ITIL processes in different capacities. CSI is the
ongoing activity of enabling IT departments to remain aligned with strategic visions and provides an
introspective view into improving service management for customers and providers.
One of the most important objectives of CSI is evaluating and calibrating ITSM to ensure that it adjusts
to new business and customer needs. Since cloud environments normally enable organizations to be
more flexible in adjusting to changing business needs, cloud implementations tend to change more
rapidly – and will therefore need to be monitored more closely from a metrics and performance
perspective. The ongoing evaluation and measurement of performance, as outlined by the seven-step
improvement process, lends itself well to managing IT and business services in any type of cloud
environment.
Regardless of the type of cloud being provisioned, it is the responsibility of the cloud customer to
ensure that there are documented agreements around all these activities for service, process and
technology metrics.
© AXELOS 2014
Best practice in the cloud: an introduction
17
5 Conclusion: taking best practice to the cloud
For the best part of three decades, ITIL has been proving its worth – both to CIOs and the business
customers they serve – as an unsurpassed framework for connecting technology with its management. In
recent years, the ITIL service lifecycle approach has extended ITIL’s lead in its field still further.
Grounded in a holistic and accessible view of IT services, ITIL has always been differentiated by its
success in balancing technical theory with hands-on practicality. Through its clear and easily applicable
descriptions of the fundamental principles and real-world processes of ITSM, ITIL has managed to not
just retain, but actually increase its relevance through several successive cycles of change and renewal.
This achievement has seen ITIL establish itself as the leading framework for managing IT in the public
and private sectors worldwide. Now, with the accelerating move by organizations to embrace cloudbased services and build cloud-enabled operating models, ITIL’s unique blend of control and agility
means its time has truly come.
ITIL is not the complete, finished, out-of-the-box solution for running and controlling cloud environments.
But – refined with the right thinking and supplemented with cloud-specific content – it is ideally suited to
providing the right practical framework and approach for making the most of the cloud opportunity. As in
any situation, organizations should adopt and adapt ITIL according to their requirements.
In particular, by combining rigorous management, governance, control and visibility over the IT
environment with a holistic view of IT components, systems and dependencies, organizations can use
the ITIL framework as the basis for sourcing, managing and delivering cloud services to business users in
a way that is controlled yet flexible, integrated yet responsive.
By delivering services in this way, IT will avoid being bypassed and sidelined in the business’s headlong
rush to the cloud. And as a result, the CIO and ITSM functions become aligned with business needs and
positioned to grow and evolve their influence within the organization.
The good news is that there’s no need to sit down and design ITIL from scratch for the cloud world. It’s
already here, ready and waiting to be adopted, adapted and fine-tuned for the purpose. Now is the time
to harness ITIL to put your ITSM function where it belongs: at the heart of the emerging cloud
environment, from Day 1 of your organization’s cloud-enabled journey.
References
Cabinet Office (2011). ITIL Continual Service Improvement. The Stationery Office, London
Cabinet Office (2011). ITIL Service Design. The Stationery Office, London
Cabinet Office (2011). ITIL Service Operation. The Stationery Office, London
Cabinet Office (2011). ITIL Service Strategy. The Stationery Office, London
Cabinet Office (2011). ITIL Service Transition. The Stationery Office, London
About the author
Michael Nieves is a senior executive specializing in the strategy, architecture and operations of Fortune 100 IT
organizations. He has extensive experience as a practitioner and ITSM industry leader, and was co-author of
Service Strategy version 3 (2007). Michael is currently managing director of cloud and infrastructure strategy at
Accenture. He is the global lead for their IT service excellence practice, and the North American lead for their
cloud and infrastructure strategy practice.
© AXELOS 2014
18
Best practice in the cloud: an introduction
Reviewers
AXELOS and TSO would like to thank Kevin Holland (NHS Health and Social Care Information Centre)
and Mark O’Loughlin (Cloud Credential Council) for reviewing this white paper.
Acknowledgements
Sourced by TSO and published on www.AXELOS.com
Our White Paper series should not be taken as constituting advice of any sort and no liability is accepted
for any loss resulting from use of or reliance on its content. While every effort is made to ensure the
accuracy and reliability of the information, TSO cannot accept responsibility for errors, omissions or
inaccuracies. Content, diagrams, logos and jackets are correct at time of going to press but may be
subject to change without notice.
© Copyright TSO and AXELOS. Reuse of this White Paper is permitted solely in accordance with the
permission terms at http://www.AXELOS.com/Knowledge-Centre/White-Papers/
A copy of these terms can be provided on application to AXELOS at [email protected]
Trade marks and statements
The AXELOS logo is a trade mark of AXELOS Limited.
The AXELOS swirl logo is a trade mark of AXELOS Limited.
ITIL® is a registered trade mark of AXELOS Limited.
© AXELOS 2014